1 June 16 2004 Richard Guida Stephanie Evans Johnson & Johnson Director, WWIS WWIS SAFE Infrastructure Overview.

Slides:



Advertisements
Similar presentations
Experiences with Massive PKI Deployment and Usage Daniel Kouřil, Michal Procházka Masaryk University & CESNET Security and Protection of Information 2009.
Advertisements

Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.
Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.
EDUCAUSE 2001, Indianapolis IN Securing e-Government: Implementing the Federal PKI David Temoshok Federal PKI Policy Manager GSA Office of Governmentwide.
S.1 Using a Global Validation Service to Unite Communities Jon Shamah EMEA Head of Sales, BBS eSecurity.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
1st Expert Group Meeting (EGM) on Electronic Trade-ECO Cooperation on Trade Facilitation May 2012, Kish Island, I.R.IRAN.
Grid Security Infrastructure Tutorial Von Welch Distributed Systems Laboratory U. Of Chicago and Argonne National Laboratory.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
SAFE BioPharma Association CONFIDENTIAL1 SAFE Public Key Infrastructure (PKI) 2005 EDUCAUSE/Dartmouth PKI Deployment Summit.
ESign-Online Digital Signature Service February 2015 Controller of Certifying Authorities Department of Electronics and Information Technology Ministry.
Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.
Lecture 23 Internet Authentication Applications
Authentication Cristian Solano. Cryptography is the science of using mathematics to encrypt and decrypt data. Public Key Cryptography –Problems with key.
HIT Standards Committee: Digital Certificate Trust – Policy Question for HIT Policy Committee March 29, 2011.
6/1/20151 Digital Signature and Public Key Infrastructure Course:COSC Instructor:Professor Anvari Student ID: Name:Xin Wen Date:11/25/00.
Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.
DESIGNING A PUBLIC KEY INFRASTRUCTURE
Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.
November 1, 2006Sarah Wahl / Graduate Student UCCS1 Public Key Infrastructure By Sarah Wahl.
Presented by Xiaoping Yu Cryptography and PKI Cosc 513 Operating System Presentation Presented to Dr. Mort Anvari.
Brooks Evans – CISSP-ISSEP, Security+ IT Security Officer Arkansas Department of Human Services.
CN1276 Server Kemtis Kunanuraksapong MSIS with Distinction MCTS, MCDST, MCP, A+
CERTIFICATES “a document containing a certified statement, especially as to the truth of something ”
Copyright, 1996 © Dale Carnegie & Associates, Inc. Digital Certificates Presented by Sunit Chauhan.
TrustPort Public Key Infrastructure. Keep It Secure Table of contents  Security of electronic communications  Using asymmetric cryptography.
Digital Signature Xiaoyan Guo/ Xiaohang Luo/
Controller of Certifying Authorities Public Key Infrastructure for Digital Signatures under the IT Act, 2000 : Framework & status Mrs Debjani Nag Deputy.
Deploying a Certification Authority for Networks Security Prof. Dr. VICTOR-VALERIU PATRICIU Cdor.Prof. Dr. AUREL SERB Computer Engineering Department Military.
Digital Certificates With Chuck Easttom. Digital Signatures  Digital Signature is usually the encryption of a message or message digest with the sender's.
Introduction to Secure Messaging The Open Group Messaging Forum April 30, 2003.
NENA Development Conference | October 2014 | Orlando, Florida Security Certificates Between i3 ESInet’s and FE’s Nate Wilcox Emergicom, LLC Brian Rosen.
Lecture 23 Internet Authentication Applications modified from slides of Lawrie Brown.
Network Security Lecture 26 Presented by: Dr. Munam Ali Shah.
Chapter 9: Using and Managing Keys Security+ Guide to Network Security Fundamentals Second Edition.
Public Key Infrastructure (X509 PKI) Presented by : Ali Fanian.
Security Protocols and E-commerce University of Palestine Eng. Wisam Zaqoot April 2010 ITSS 4201 Internet Insurance and Information Hiding.
Configuring Directory Certificate Services Lesson 13.
Risks of data manipulation and theft Gateway Average route travelled by an sent via the Internet from A to B Washington DC A's provider Paris A.
Chapter 23 Internet Authentication Applications Kerberos Overview Initially developed at MIT Software utility available in both the public domain and.
Certificate-Based Operations. Module Objectives By the end of this module participants will be able to: Define how cryptography is used to secure information.
Digital Signatures A Brief Overview by Tim Sigmon April, 2001.
Introduction1-1 Data Communications and Computer Networks Chapter 6 CS 3830 Lecture 31 Omar Meqdadi Department of Computer Science and Software Engineering.
CERTIFICATES. What is a Digital Certificate? Electronic counterpart to a drive licenses or a passport. Enable individuals and organizations to secure.
Secure Messaging Workshop The Open Group Messaging Forum February 6, 2003.
Public Key Infrastructure (X509 PKI) Presented by : Ali Fanian
DIGITAL SIGNATURE. GOOD OLD DAYS VS. NOW GOOD OLD DAYS FILE WHATEVER YOU WANT – PUT ‘NA’ OR ‘-’ OR SCRATCH OUT FILE BACK DATED, FILE BLANK FORMS, FILE.
Configuring and Troubleshooting Identity and Access Solutions with Windows Server® 2008 Active Directory®
Electronic PostMark (EPM) Project Overview May, 2003 Copyright Postal Technology Centre.
Leveraging Campus Authentication for Grid Scalability Jim Jokl Marty Humphrey University of Virginia Internet2 Meeting April 2004.
Cryptography and Network Security Chapter 14 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.
Security fundamentals Topic 5 Using a Public Key Infrastructure.
Creating and Managing Digital Certificates Chapter Eleven.
Hajar Sabuur Johnson & Johnson Worldwide Information Security June 16, 2005
Bridge Certification Architecture A Brief Overview by Tim Sigmon May, 2000.
Electronic Security and PKI Richard Guida Chair, Federal PKI Steering Committee Chief Information Officers Council
1 Public Key Infrastructure Rocky K. C. Chang 6 March 2007.
Content Introduction History What is Digital Signature Why Digital Signature Basic Requirements How the Technology Works Approaches.
A Study of Certification Authority Integration Model in a PKI Trust Federation on Distributed Infrastructures for Academic Research Eisaku SAKANE, Takeshi.
Prof. Reuven Aviv, Nov 2013 Public Key Infrastructure1 Prof. Reuven Aviv Tel Hai Academic College Department of Computer Science Public Key Infrastructure.
 Introduction  History  What is Digital Signature  Why Digital Signature  Basic Requirements  How the Technology Works  Approaches.
TAG Presentation 18th May 2004 Paul Butler
Public Key Infrastructure (PKI)
Cryptography and Network Security
TAG Presentation 18th May 2004 Paul Butler
U.S. Federal e-Authentication Initiative
PKI (Public Key Infrastructure)
Presentation transcript:

1 June Richard Guida Stephanie Evans Johnson & Johnson Director, WWIS WWIS SAFE Infrastructure Overview

2  A single electronic credential which:  Can be used and accepted across multiple organizations  Allows legally binding electronic signatures to be made in countries around the world  Is easy and straightforward for the user to employ  Can be obtained from a SAFE-accredited source of the user’s choice  Vendors will have the opportunity to pursue SAFE-accreditation  No single supplier controls the marketplace  A set of open standards covering:  Software that can make, and validate (check), electronic (digital) signatures meeting SAFE business rules  Ultimately, this capability built in to off-the-shelf products  A trust-based, collaborative community of biopharmaceutical companies and their business/regulatory partners efficiently using electronic processes to conduct business transactions SAFE Goals

3 What Technology Does the SAFE Credential Employ? Public Key Technology  Widely used for secure electronic and internet transactions today  Based on two keys (large numbers), mathematically linked  One key is kept private, the other is made public  Public key appears in a digital certificate – an electronic credential (file) that links the public key to a person’s identity  Private key is kept secret on a hardware device (like a smartcard)  To make a digital signature, the user of the hardware device inserts it into the PC and proves his or her identity to the device (usually done with a passphrase that only the user and the device knows).  The private key on the device then makes the digital signature on the document selected by the user.  To validate (check) a digital signature, commercially available software uses the public key from the digital certificate What Technology Does the SAFE Credential Employ?

4 3. Present information (message) to be signed to the user (signer) Subscriber 1.Authenticate [best practice] 2.Select information to be signed 5. Acknowledge the signature parameters (request for biometric/passphrase/password and legally binding message) SAFE Transaction Meaning of signing: Approved Certificate 4. Select Signature parameters 6. Create the digital signature (preserves document integrity) 7. Log transaction Hash Data object S Digital Signature Certificate PKCS #7/CMS Sign S Private Key The Signing Process

5 Relying party 1.Receives signed message 4. Log transaction Equal? Yes = valid No = invalid OCSP Hash S Public Key Validate Document (as received) Hash 2. Certificate Validation and Digital Signature Verification Trusted Root CA Intermediate CA Subscribers OCSP 3. Acknowledge verification and validation Log OCSP response Signature Verification Process

6  A special server called a Certification Authority (CA)  Analogy: the machine at the Department of Motor Vehicles which creates your driver’s license  But only after you have proven your identity to a Registration Authority (RA)  Analogy: the window at the DMV where you prove who you are before you can get your driver’s license  An “Issuer” is a vendor, bank, or company that operates a CA and an RA, and issues/supplies credentials to users  SAFE will accredit Issuers so that users wishing to get SAFE credentials (digital certificates) can trust who supplies them Who Issues SAFE Credentials?

7 Global Trust Challenge EMEA FDA MHLW MS3 MS4 MS5 The Biopharmaceutical Industry has many communication partners. CRO 2 Trade partner 1 Trade partner 2 CRO 1 Pharma 1 Pharma 2 Pharma 3

8 Individual Trust Domains Pharma X Biopharma Y FDA EMEA = = = Syndicated Bank Trust Network Regulated Financial Institutions Issuers Pharma Outsourced Identity Credential Provisioning = BioPharma Industry Trust “Bridge” Any SAFE Accredited CA = = = j The Solution: SAFE Trust Bridge

9  Two possibilities:  Your organization has its own internal or out-sourced CA which can be cross-certified with the SAFE Bridge CA  Your CA issues your employees SAFE-compliant credentials (certificates) which can then be accepted by other SAFE Members using the SAFE Bridge CA  You purchase a SAFE credential (certificate) from a SAFE-accredited Issuer that is cross-certified with the SAFE Bridge  Either way, your credential is interoperable and accepted within the SAFE community How Does a User Get a SAFE Credential?

10  A CA which establishes “trust connections” among other CAs  Issues certificates to SAFE “Member” CAs  Accepts certificates issued to it by SAFE “Member” CAs  (Analogy: mechanism to permit one DMV to trust drivers’ licenses issued by another DMV – electronically)  Is NOT a “root of trust” – rather, just a conduit of trust  Employs a distributed - NOT a hierarchical – model  Thus, all members are treated as equals  Is product-neutral – employs open standards for certificate issuance and management  Will support digitally signed transactions among Members, and between Members and regulators What is a Bridge Certification Authority?

11  No – in fact, there is one already in operation (the U.S. Federal Bridge CA) and several others in the planning stages  What is needed is:  A Certification Authority  Policy foundation  Certificate Policy per RFC 2527/3647  Certification Practices Statement per above  Hardware  Server running CA software  Server running directory/data base software  Server running software to respond to inquiries on certificate status  A governing body (typically called a Policy Authority)  An operational body that actually runs it (typically called an Operational Authority) Is it Hard to Establish a Bridge CA?

12  One hardware device per person, which holds your digital identity (this identity cannot be copied)  Ability to make your electronic (“digital”) signature on a document or transaction, meeting SAFE rules so it is legally binding  Ability of any SAFE Member to check (“verify”) your signature What does SAFE Mean to Users?

13  There is plenty of software currently available which performs and validates digital signatures. Two examples (there are many others):  Adobe 6.0  Microsoft Office XP/2003  We are releasing standards for SAFE-compliant signing and validation software  We encourage vendors to adjust their products to meet these standards  In most cases, doing so should not require substantial changes to existing products For Vendors

14 Discussion

15 Back-Up Materials

16 SAFE incorporates the STANDARDS from  Internet Engineering Task Force (IETF) RFCs  Federal Information Processing Standards (FIPS)  RSA PKCS Use of Industry Standards

17 Applications need to be SAFE Enabled

18 B Certification Authority End Entity Certificate Cross Certificate Relying parties are colored the same as their trust anchor. SAFE Bridge CA

19 Issuer AIssuer B User A AppUser B App Bridge CA CRL Publishing Issuer AIssuer B User A App User B App b Bridge CA CRL Publishing Issuer AIssuer B User A AppUser B App Bridge CA CRL Publishing Recommend for SAFE Phase 1 developmentRecommend on-hold for subsequent SAFE Phase development SAFE Signature Verification Options

20 Issuer AIssuer B User A AppUser B App 1. User A sends signed message to relying party B 2. User B validates certificate of User A by sending a signed request to it’s Issuer (CA) 4. Sends a timestamp signed response informing User B certificate is valid 3. Issuer B request for validation of User A certificate 5. Informs user B certificate is valid Bridge CA Signature Verification Option 1: Issuer Performed CRL Publishing Recommend for SAFE Phase 1 development SAFE Signature Verification Option 1: Issuer Performed

21 Issuer AIssuer B User A AppUser B App 1. User A sends signed message to relying party B 5. Sends timestamped signed response informing User B certificate is valid 2. User B validates certificate of User A by sending a signed request to it’s Issuer (CA) 3. Issuer A validated User B certificate 4. Sends timestamped signed response validating user B Signature Verification Option 2: Member Performed 1b. User B validates that Issuer A is contractually bound into the system Bridge CA CRL Publishing Recommend on-hold for subsequent SAFE Phase development SAFE Signature Verification Option 2: Member Performed

22 Signature Verification Option 3: SAFE Entity Performed Issuer AIssuer B User A App User B App Bridge CA CRL Publishing 1. User A sends signed message to relying party B 2. User B validates certificate of User A by sending a signed request to SAFE Bridge CA 3. SAFE informs user B that certificate is valid based on current SAFE & Issuer CRLs Recommend on-hold for subsequent SAFE Phase development SAFE Signature Verification Option 3: SAFE Entity Performed

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.